Est ce normal ce log

alcaline · Février 21, 2016, 1:23pm

je voudrais savoir si il a pas une erreur de ce log sachant que fail2ban jy est pas toucher depuis le mois d’aout

2012-09-23 11:17:21,388 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2012-09-24 10:16:18,205 fail2ban.jail   : INFO   Jail 'ssh' stopped
2012-09-24 10:16:18,225 fail2ban.server : INFO   Exiting Fail2ban
2012-09-24 10:16:48,320 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2012-09-24 10:16:48,321 fail2ban.jail   : INFO   Creating new jail 'ssh'
2012-09-24 10:16:48,321 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2012-09-24 10:16:48,421 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-09-24 10:16:48,422 fail2ban.filter : INFO   Set maxRetry = 6
2012-09-24 10:16:48,423 fail2ban.filter : INFO   Set findtime = 600
2012-09-24 10:16:48,423 fail2ban.actions: INFO   Set banTime = 600
2012-09-24 10:16:48,504 fail2ban.jail   : INFO   Jail 'ssh' started
2012-09-24 13:47:28,419 fail2ban.jail   : INFO   Jail 'ssh' stopped
2012-09-24 13:47:28,441 fail2ban.server : INFO   Exiting Fail2ban
2012-09-24 13:48:12,105 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2012-09-24 13:48:12,106 fail2ban.jail   : INFO   Creating new jail 'ssh'
2012-09-24 13:48:12,106 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2012-09-24 13:48:12,161 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-09-24 13:48:12,161 fail2ban.filter : INFO   Set maxRetry = 6
2012-09-24 13:48:12,162 fail2ban.filter : INFO   Set findtime = 600
2012-09-24 13:48:12,163 fail2ban.actions: INFO   Set banTime = 600
2012-09-24 13:48:12,283 fail2ban.jail   : INFO   Jail 'ssh' started
2012-09-24 14:40:59,030 fail2ban.jail   : INFO   Jail 'ssh' stopped
2012-09-24 14:40:59,051 fail2ban.server : INFO   Exiting Fail2ban
2012-09-24 14:41:18,918 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2012-09-24 14:41:18,919 fail2ban.jail   : INFO   Creating new jail 'ssh'
2012-09-24 14:41:18,919 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2012-09-24 14:41:18,983 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-09-24 14:41:18,984 fail2ban.filter : INFO   Set maxRetry = 6
2012-09-24 14:41:18,985 fail2ban.filter : INFO   Set findtime = 600
2012-09-24 14:41:18,985 fail2ban.actions: INFO   Set banTime = 600
2012-09-24 14:41:19,094 fail2ban.jail   : INFO   Jail 'ssh' started

loreleil · Février 21, 2016, 1:23pm

Salut,

[quote=“alcaline”]je voudrais savoir si il a pas une erreur de ce log sachant que fail2ban jy est pas toucher depuis le mois d’aout
[/quote]

Ma foi les informations que retourne fail2ban.log, sont on ne peut plus que “normal”.

[root@yunohost] ~ # tail -n 188 /var/log/fail2ban.log 2012-09-27 08:49:07,553 fail2ban.jail : INFO Jail 'ssh' stopped 2012-09-27 08:49:07,555 fail2ban.server : INFO Exiting Fail2ban 2012-09-27 08:49:09,006 fail2ban.server : INFO Changed logging 2012-09-27 08:49:09,008 fail2ban.jail : INFO Creating new jail 'apache-w00tw00t' 2012-09-27 08:49:09,012 fail2ban.jail : INFO Jail 'apache-w00tw00t' uses Gamin 2012-09-27 08:49:09,085 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,087 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:09,100 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,101 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,212 fail2ban.jail : INFO Creating new jail 'xinetd-fail' 2012-09-27 08:49:09,212 fail2ban.jail : INFO Jail 'xinetd-fail' uses Gamin 2012-09-27 08:49:09,215 fail2ban.filter : INFO Added logfile = /var/log/daemon.log 2012-09-27 08:49:09,217 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:09,227 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,229 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,293 fail2ban.jail : INFO Creating new jail 'apache-multiport' 2012-09-27 08:49:09,294 fail2ban.jail : INFO Jail 'apache-multiport' uses Gamin 2012-09-27 08:49:09,299 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,303 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:09,321 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,322 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,382 fail2ban.jail : INFO Creating new jail 2012-09-27 08:49:09,382 fail2ban.jail : INFO Jail 'apache-anti-scripts' 2012-09-27 08:49:09,388 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,391 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:09,410 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,414 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,557 fail2ban.jail : INFO Creating new jail 2012-09-27 08:49:09,557 fail2ban.jail : INFO Jail 'apache-phpmyadmin' uses Gamin 2012-09-27 08:49:09,560 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,562 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:09,572 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,574 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,623 fail2ban.jail : INFO Creating new jail 'mysql' 2012-09-27 08:49:09,624 fail2ban.jail : INFO Jail 'mysql' uses Gamin 2012-09-27 08:49:09,627 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,629 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,633 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:09,643 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,644 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,678 fail2ban.jail : INFO Creating new jail 'courierauth' 2012-09-27 08:49:09,679 fail2ban.jail : INFO Jail 'courierauth' uses Gamin 2012-09-27 08:49:09,682 fail2ban.filter : INFO Added logfile = /var/log/mail.log 2012-09-27 08:49:09,684 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:09,694 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,696 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,730 fail2ban.jail : INFO Creating new jail 'apache' 2012-09-27 08:49:09,730 fail2ban.jail : INFO Jail 'apache' uses Gamin 2012-09-27 08:49:09,733 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,735 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:09,745 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,747 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,784 fail2ban.jail : INFO Creating new jail 'pam-generic' 2012-09-27 08:49:09,784 fail2ban.jail : INFO Jail 'pam-generic' uses Gamin 2012-09-27 08:49:09,787 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-09-27 08:49:09,789 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:09,800 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,802 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,850 fail2ban.jail : INFO Creating new jail 'apache-nodnsuse' 2012-09-27 08:49:09,851 fail2ban.jail : INFO Jail 'apache-nodnsuse' uses Gamin 2012-09-27 08:49:09,854 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:09,856 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:09,867 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,869 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:09,929 fail2ban.jail : INFO Creating new jail 'dropbear' 2012-09-27 08:49:09,930 fail2ban.jail : INFO Jail 'dropbear' uses Gamin 2012-09-27 08:49:09,935 fail2ban.filter : INFO Set maxRetry = 6 2012-09-27 08:49:09,950 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:09,952 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,265 fail2ban.jail : INFO Creating new jail 'couriersmtp' 2012-09-27 08:49:10,266 fail2ban.jail : INFO Jail 'couriersmtp' uses Gamin 2012-09-27 08:49:10,273 fail2ban.filter : INFO Added logfile = /var/log/mail.log 2012-09-27 08:49:10,275 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:10,285 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,287 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,320 fail2ban.jail : INFO Creating new jail 'dovecot' 2012-09-27 08:49:10,321 fail2ban.jail : INFO Jail 'dovecot' uses Gamin 2012-09-27 08:49:10,324 fail2ban.filter : INFO Added logfile = /var/log/mail.log 2012-09-27 08:49:10,325 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:10,336 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,338 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,374 fail2ban.jail : INFO Creating new jail 'proftpd' 2012-09-27 08:49:10,374 fail2ban.jail : INFO Jail 'proftpd' uses Gamin 2012-09-27 08:49:10,377 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,379 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:10,389 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,391 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,445 fail2ban.jail : INFO Creating new jail 'php-url-fopen' 2012-09-27 08:49:10,446 fail2ban.jail : INFO Jail 'php-url-fopen' uses Gamin 2012-09-27 08:49:10,449 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,451 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:10,462 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,463 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,483 fail2ban.jail : INFO Creating new jail 'http-get-dos' 2012-09-27 08:49:10,483 fail2ban.jail : INFO Jail 'http-get-dos' uses Gamin 2012-09-27 08:49:10,487 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,489 fail2ban.filter : INFO Set maxRetry = 300 2012-09-27 08:49:10,499 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,501 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,535 fail2ban.jail : INFO Creating new jail 'apache-noscript' 2012-09-27 08:49:10,536 fail2ban.jail : INFO Jail 'apache-noscript' uses Gamin 2012-09-27 08:49:10,540 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,546 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:10,560 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,562 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,606 fail2ban.jail : INFO Creating new jail 2012-09-27 08:49:10,606 fail2ban.jail : INFO Jail 'apache-bloquescan' uses Gamin 2012-09-27 08:49:10,609 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,611 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:10,625 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,628 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,672 fail2ban.jail : INFO Creating new jail 'ssh' 2012-09-27 08:49:10,672 fail2ban.jail : INFO Jail 'ssh' uses Gamin 2012-09-27 08:49:10,676 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-09-27 08:49:10,677 fail2ban.filter : INFO Set maxRetry = 1 2012-09-27 08:49:10,688 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,690 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,829 fail2ban.jail : INFO Creating new jail 'apache-overflows' 2012-09-27 08:49:10,830 fail2ban.jail : INFO Jail 'apache-overflows' uses Gamin 2012-09-27 08:49:10,833 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,835 fail2ban.filter : INFO Set maxRetry = 2 2012-09-27 08:49:10,845 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,847 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,882 fail2ban.jail : INFO Creating new jail 2012-09-27 08:49:10,883 fail2ban.jail : INFO Jail 'apache-dosevasive' uses Gamin 2012-09-27 08:49:10,886 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:10,888 fail2ban.filter : INFO Set maxRetry = 10 2012-09-27 08:49:10,898 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,900 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,918 fail2ban.jail : INFO Creating new jail 'postfix' 2012-09-27 08:49:10,918 fail2ban.jail : INFO Jail 'postfix' uses Gamin 2012-09-27 08:49:10,922 fail2ban.filter : INFO Added logfile = /var/log/mail.log 2012-09-27 08:49:10,924 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:10,934 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:10,936 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:10,970 fail2ban.jail : INFO Creating new jail 'ssh-ddos' 2012-09-27 08:49:10,970 fail2ban.jail : INFO Jail 'ssh-ddos' uses Gamin 2012-09-27 08:49:10,974 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2012-09-27 08:49:10,975 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:10,986 fail2ban.filter : INFO Set findtime = 600 2012-09-27 08:49:10,987 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:11,021 fail2ban.jail : INFO Creating new jail 'apache-404' 2012-09-27 08:49:11,021 fail2ban.jail : INFO Jail 'apache-404' uses Gamin 2012-09-27 08:49:11,024 fail2ban.filter : INFO Added logfile = 2012-09-27 08:49:11,026 fail2ban.filter : INFO Set maxRetry = 12 2012-09-27 08:49:11,036 fail2ban.filter : INFO Set findtime = 31536000 2012-09-27 08:49:11,038 fail2ban.actions: INFO Set banTime = 31536000 2012-09-27 08:49:11,072 fail2ban.jail : INFO Creating new jail 'sasl' 2012-09-27 08:49:11,072 fail2ban.jail : INFO Jail 'sasl' uses Gamin 2012-09-27 08:49:11,076 fail2ban.filter : INFO Added logfile = /var/log/mail.log 2012-09-27 08:49:11,077 fail2ban.filter : INFO Set maxRetry = 3 2012-09-27 08:49:11,088 fail2ban.filter : INFO Set findtime = 600 2012-09-27 08:49:11,089 fail2ban.actions: INFO Set banTime = 600 2012-09-27 08:49:11,127 fail2ban.jail : INFO Jail 'apache-w00tw00t' started 2012-09-27 08:49:11,146 fail2ban.jail : INFO Jail 'xinetd-fail' started 2012-09-27 08:49:11,151 fail2ban.jail : INFO Jail 'apache-multiport' started 2012-09-27 08:49:11,159 fail2ban.jail : INFO Jail 'apache-anti-scripts' started 2012-09-27 08:49:11,174 fail2ban.jail : INFO Jail 'apache-phpmyadmin' started 2012-09-27 08:49:11,201 fail2ban.jail : INFO Jail 'mysql' started 2012-09-27 08:49:11,250 fail2ban.jail : INFO Jail 'courierauth' started 2012-09-27 08:49:11,278 fail2ban.jail : INFO Jail 'apache' started 2012-09-27 08:49:11,328 fail2ban.jail : INFO Jail 'pam-generic' started 2012-09-27 08:49:11,372 fail2ban.jail : INFO Jail 'apache-nodnsuse' started 2012-09-27 08:49:11,399 fail2ban.jail : INFO Jail 'dropbear' started 2012-09-27 08:49:11,448 fail2ban.jail : INFO Jail 'couriersmtp' started 2012-09-27 08:49:11,493 fail2ban.jail : INFO Jail 'dovecot' started 2012-09-27 08:49:11,560 fail2ban.jail : INFO Jail 'proftpd' started 2012-09-27 08:49:11,634 fail2ban.jail : INFO Jail 'php-url-fopen' started 2012-09-27 08:49:11,685 fail2ban.jail : INFO Jail 'http-get-dos' started 2012-09-27 08:49:11,725 fail2ban.jail : INFO Jail 'apache-noscript' started 2012-09-27 08:49:11,786 fail2ban.jail : INFO Jail 'apache-bloquescan' started 2012-09-27 08:49:11,836 fail2ban.jail : INFO Jail 'ssh' started 2012-09-27 08:49:11,883 fail2ban.jail : INFO Jail 'apache-overflows' started 2012-09-27 08:49:11,945 fail2ban.jail : INFO Jail 'apache-dosevasive' started 2012-09-27 08:49:12,019 fail2ban.jail : INFO Jail 'postfix' started 2012-09-27 08:49:12,123 fail2ban.jail : INFO Jail 'ssh-ddos' started 2012-09-27 08:49:12,294 fail2ban.jail : INFO Jail 'apache-404' started 2012-09-27 08:49:12,476 fail2ban.jail : INFO Jail 'sasl' started 2012-09-27 08:49:26,363 fail2ban.actions: WARNING [ssh] Ban 69.238.138.30 2012-09-27 08:49:26,853 fail2ban.actions: WARNING [ssh] Ban 181.68.240.129 2012-09-27 23:12:48,487 fail2ban.actions: WARNING [ssh] Ban 46.105.104.175 2012-09-27 23:55:40,662 fail2ban.actions: WARNING [ssh] Ban 46.105.5.12 2012-09-28 06:25:21,433 fail2ban.filter : INFO Log rotation detected 2012-09-28 06:25:21,436 fail2ban.filter : INFO Log rotation detected 2012-09-29 00:20:18,072 fail2ban.actions: WARNING [ssh] Ban 221.204.253.107 2012-09-29 02:30:53,863 fail2ban.actions: WARNING [ssh] Ban 174.142.82.141 2012-09-29 06:29:12,737 fail2ban.filter : INFO Log rotation detected 2012-09-29 06:29:12,740 fail2ban.filter : INFO Log rotation detected [root@yunohost] ~ # target to /var/log/fail2ban.log for Fail2ban v0.8.6 /var/log/apache2/access.log /var/log/apache2/error.log 'apache-anti-scripts' uses Gamin /var/log/apache2/access.log 'apache-phpmyadmin' /var/log/apache2/error.log /var/log/mysql/mysql.log.1.gz /var/log/mysql/mysql.log /var/log/apache2/error.log /var/log/apache2/error.log /var/log/proftpd/proftpd.log /var/log/apache2/access.log /var/log/apache2/access.log /var/log/apache2/error.log 'apache-bloquescan' /var/log/apache2/error.log /var/log/apache2/error.log 'apache-dosevasive' /var/log/apache2/error.log /var/log/apache2/access.log for /var/log/mysql/mysql.log for /var/log/mysql/mysql.log.1.gz for /var/log/mysql/mysql.log for /var/log/mysql/mysql.log.1.gz

Je ne vois pas trop ce qui t’inquiètes …

lol · Février 21, 2016, 1:23pm

Salut,

On ne peux plus normal pour un démarrage de fail2ban.

ricardo · Février 21, 2016, 1:23pm

[quote]Creating new jail 'ssh’
2012-09-24 13:48:12,106 fail2ban.jail : INFO Jail ‘ssh’ uses poller
2012-09-24 13:48:12,161 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2012-09-24 13:48:12,161 fail2ban.filter : INFO Set maxRetry = 6
2012-09-24 13:48:12,162 fail2ban.filter : INFO Set findtime = 600
2012-09-24 13:48:12,163 fail2ban.actions: INFO Set banTime = 600
2012-09-24 13:48:12,283 fail2ban.jail : INFO Jail ‘ssh’ started
2012-09-24 14:40:59,030 fail2ban.jail : INFO Jail ‘ssh’ stopped
2012-09-24 14:40:59,051 fail2ban.server : INFO Exiting Fail2ban
2012-09-24 14:41:18,918 fail2ban.server : INFO Changed loggi[/quote]
Vous trouvez normal que sans intervention de sa part et plusieurs fois dans une journée, que soit créé un Jail SSH, qu’il soit démarré, qu’il soit ensuite arrêté et que ça sorte de Fail2ban puis que le loging soit modifié ???
Moi pas

loreleil · Février 21, 2016, 1:23pm

Salut,

les logs confirmeront, entre autre /var/log/boot …

* edit *

Précision avant qu’une autre question fuse.

les config on présume.

Du reste il n’est point précisé si il y a eu un redémarrage fail2ban ? iptables ? (chez moi le script iptables inclus la relance de fail2ban)

alcaline · Février 21, 2016, 1:28pm

c’est vrai que j’ai reboot le serveur a plusieur reprise

ricardo · Février 21, 2016, 1:28pm

Dans ce cas, Loreleil a raison mais comme en principe un serveur ça ne se reboute que rarement …

alcaline · Février 21, 2016, 1:28pm

Par contre jai subis des attaques une personne a essayé de ce connecté en ssh en utilisant plusieurs nom pourtant dans fail2ban jai configurer pour que l’ip soit banni au bout de 3 tentative a ce que je vois fail2ban a pas fait son taf je post les logs plus tard

ricardo · Février 21, 2016, 1:28pm

Des attaques SSH, j’en ai 2 ou 3 par jour. Elles sont toutes loguées sous root et comme j’ai interdit root, je suis cool.
Quant à fail2ban, tu es sûr que tu l’as bien configuré et que le temps de bannissement est suffisamment long ? Perso, pour SSH, c’est une seule fausse tentative pour être banni.

lol · Février 21, 2016, 1:28pm

Salut,

ricardo · Février 21, 2016, 1:29pm

“configuré” n’est certes pas le bon terme mais il était tard
Disons remplir les cases qui vont bien avec les chiffres qui vont bien
commenter ou décommenter les lignes qui vont bien.
Il doit exister un terme qui résume ça à un seul mot mais il est sorti de ma tête

lol · Février 21, 2016, 1:29pm

Salut,
Non rien à redire sur configuré.
Je voulais souligner, comme toi, que fail2ban doit se configurer, et se tester.

Il ne fait pas son boulot quand il n’a pas été convenablement paramètré et testé…

ricardo · Février 21, 2016, 1:29pm

Voilà : “paramétrer” était le mot que je cherchais